faustinoaq changed the topic of #amber to: Welcome to Amber Framework community! | https://amberframework.org | Developer happiness, productivity and bare metal performance | GH: https://github.com/amberframework | Docs: https://docs.amberframework.org | Gitter: https://gitter.im/amberframework/amber | IRC Logger: https://irclog.whitequark.org/amber | Amber::Server.start
_whitelogger has joined #amber
_whitelogger has joined #amber
_whitelogger has joined #amber
<FromGitter> <andrewc910> How would one go about rate limiting an Amber API?
<FromGitter> <Blacksmoke16> globally or per ip or per user?
<FromGitter> <andrewc910> Both I guess.
<FromGitter> <andrewc910> Both as in globally and user. Users will have an API key so I think that would be better than individual ip's?
<FromGitter> <Blacksmoke16> right so if one user gets limited another user would be fine
<FromGitter> <andrewc910> Correct.
<FromGitter> <andrewc910> Would you use something like redid for this? Because checking the DB on each request sounds slow and taxing
<FromGitter> <andrewc910> Redis*
<FromGitter> <Blacksmoke16> yea probaby
<FromGitter> <drujensen> would be nice as a middleware shard that could be leveraged by Kemal and other frameworks.
<FromGitter> <drujensen> if you implement it as a HTTP::Handler, you can plug it into a pipeline in Amber. https://crystal-lang.org/api/0.33.0/HTTP/Handler.html
<FromGitter> <drujensen> but it can also be used in other crystal frameworks. It’s like rack in ruby.
<FromGitter> <drujensen> you can find Amber’s HTTP::Handlers here as examples: https://github.com/amberframework/amber/tree/master/src/amber/pipes
<FromGitter> <Blacksmoke16> also might be worth not coupling the handler logic with redis
<FromGitter> <Blacksmoke16> i.e. could do like
<FromGitter> <Blacksmoke16> ```code paste, see link``` [https://gitter.im/amberframework/amber?at=5e835677c345c9758c033047]
<FromGitter> <Blacksmoke16> where one implementation of the provider could be `Redis`
<FromGitter> <Blacksmoke16> idt it would be really hard
<FromGitter> <andrewc910> Hmm, okay, so we use redis. What should the collection look like? I am thinking store the user id, the endpoint if the request & timestamp. This way I can rate limit an entire user or rate limit one user on one endpoint. That about cover it?
<FromGitter> <Blacksmoke16> redis has an ability to run lua scripts, at work we set it up to just run a lua script and return a value
<FromGitter> <Blacksmoke16> where that value is the number of ms until they can make the next request
<FromGitter> <Blacksmoke16> so that we make one call to redis, and get the value, versus hitting up redis multiple times for each value we need etc
<FromGitter> <Blacksmoke16> https://paste.ee/p/aX7yv
<FromGitter> <Blacksmoke16> like that
<FromGitter> <Blacksmoke16> :shrug: is just one way to go about i i guess
<FromGitter> <andrewc910> Hmm that's pretty smart. I guess now is my time to learn redis
<FromGitter> <Blacksmoke16> http://stefanwille.github.io/crystal-redis/Redis/Commands.html#eval%28script%3AString%2Ckeys%3D%5B%5DofRedisValue%2Cargs%3D%5B%5DofRedisValue%29-instance-method redis shard supports it as well
<FromGitter> <andrewc910> Awesome was going through the docs rn. Thank you!
FromGitter has quit [Remote host closed the connection]
FromGitter has joined #amber